id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
893	Possible buffer overrun	barlone@…		"Piece of code in file 'ngx_http_v2_filter_module.c', function ngx_http_v2_header_filter:
{{{
 len += 1 + clcf->server_tokens ? ngx_http_v2_literal_size(NGINX_VER)
                                : ngx_http_v2_literal_size(""nginx"");
}}}
Here is calculating the length of the memory block that is allocated and filled in later. 1 not added, one byte out of allocated buffer access possible.

Expected behavior: add 1, then add size of one of two litetals.
Actual behavior: due to operator pecedence ('+' has greater priority than ternary condition), always add only size of first literal."	defect	closed	minor	1.9	nginx-module	1.9.x	fixed				1.9.10